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Enlarge your burp 
or how not to be afraid of JavaDocs i 
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Igor Bulatenko 
Ivan Elkin 
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Sources 


https://goo.gl/oYjBTg (python) 
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#whoami 


#videns 

Head of QIWI application security department 
Former security software developer 

CTF player and organizer (TechnoPandas) 
JBFC Member © 
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What is all about 


Why people (us) use burp 


Burp 101 
° Official info 
Other presentations 


( 
Internals 
Plugins 


Ne sarang Wan 
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Is it good? 


#1 among web scanners * 
Crossplatform 

Good for manual vulnerabilities testing 
Can scan whole internet 

Has plugins 

Most popular vulnerability checks 
Gartner challengers for AST 
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\ Unofficial infos 


http://www.slideshare.net/jasonhaddix/bsides-final 
http://www.slideshare.net/AugustDetlefsen/burp-extensions 
http://www.slideshare.net/marcwickenden/burp-plugin-develooment-for-java- 
nOObs-44-con 
http://www.agarri.fr/docs/HiP2k13-Burp Pro Tips and Tricks.pdf 
http://www.youtube.com/watch Pv=Q2WKS5LpDbxw 
http://www.youtube.com/watch Pv=N-IKHmGjf2c 
https://twitter.com/everythingbur 
http://www.slideshare.net/AugustDetlefsen/appsec-usa-2015-customizing- 


burp-suite 
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Why improve it? 


e Not correct use of API 
e Scan fullness 
e Time for implementing new techniques 
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How it works (spidering) 


Request Request 
—> 


———@ 
User/Spider HttpListener 
<a 


<4 
Response Response 


v 


PassiveScan 


WebServer 


How its works (active scan) 


Request Request 
—— > —— > 


ActiveScanner HttpListener WebServer 
~_—— -—— 


Response Response 
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: Insertion Point Request 
Insertion Request fx 


Points BuildRequest ——> HttpListener WebServer 


` a 
Provider Response 


burpHelpers burpCallbacks doActiveScan ——_ > ScannerListener 
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Simplest Plugin 


e Show logging functionality (stdout, stderr) 


Demo 01 


e Log InsertionPoints info 
Nested InsertionPoint 


DoActiveScan 


How to debug in python (jython) 


F- 


RESIN 
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Demo 02 


e DoActiveScan 
e Building request for attack 
e How requests are counted (scanner tab) 
e Send requests via callbacks or via jython 
e Highlighting in request/responses 
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Demo 03 


e Error message check (http://virvales.blogspot.ru/2015/08/burp-stacktrace- 
sniffer.html) 

e HttpListener 

e Manual adding scan issue 
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Extension type 
Filename 
Method 


Scanner checks 


You're doing it wrong 


Detail 

Java 
bapps/4f01db4b668c4126a68e4673df79 
registerExtenderCallbacks 

1 


Building a Passive Scanner 
Passive Scanning — Room for Improvement 


e Error Messages 


e Software Version Numbers 


OP) OWASP 
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Right way 


Name: ZN Burp Extension 0.4 


Item 


Extension type 
Filename 
Method 

HTTP listeners 


Detail 


l Python 


/Users/videns/Desktop/python_projects 
registerExtenderCallbacks 
Il 
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Demo 04 


Insertion Point Provider 
Custom Insertion Point, necessary methods 
Logging payloads 
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The end (part 1) 
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